d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
proxmox/docs/05-network/EDGE_PORT_VERIFICATION_RUNBOOK.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

2.5 KiB
Raw Permalink Blame History

Edge Port Verification Runbook (Phase 0)

Last Updated: 2026-02-05
Status: Active
Purpose: Pre-requisite for Fastly/Direct edge design. Verifies whether inbound 80/443 are reachable on the public origin IP so the team can choose Option A (Fastly), Option C (direct), or Option B (tunnel/VPS).

Why This Matters

  • Spectrum (ISP) gateway at 76.53.10.33 shows ports 21, 22, 23, 80, 110, 143, 443, 3389 as filtered when scanned.
  • The origin for public traffic is 76.53.10.36 (UDM Pro port forward to NPMplus). Reachability of 76.53.10.36:80 and 76.53.10.36:443 from the internet determines whether Fastly or direct-to-origin is viable.
  • If both are open: proceed with Option A (Fastly) or Option C (DNS direct to 76.53.10.36).
  • If closed/filtered: Option B required (Cloudflare Tunnel fix, or VPS/outbound connector).

Prerequisite

Run the check from outside your network (e.g. mobile hotspot, different ISP, or a cloud VM). Do not rely on LAN or same-Spectrum tests.

Step 1: Port check from outside your network

Option A: Online port checker

  1. Use a public service (e.g. yougetsignal.com or similar).
  2. Target: 76.53.10.36
  3. Ports: 80 (HTTP), 443 (HTTPS)
  4. Record result: Open / Closed / Filtered for each.

Option B: nmap from external host

From a host that is not on 192.168.11.0/24 and not behind the same Spectrum gateway:

nmap -p 80,443 76.53.10.36

Interpret:

  • open: Proceed with Fastly (Option A) or direct (Option C).
  • filtered or closed: Use Option B (tunnel or VPS origin).

Step 2: Record and decide

Port Result Action
80 open HTTP redirect/origin possible
80 filtered/closed Option B or HTTPS-only to 443
443 open Fastly/direct HTTPS viable
443 filtered/closed Option B required (no inbound HTTPS to .36)

Go/no-go:

  • Go for Option A/C: Both 80 and 443 open on 76.53.10.36 from internet.
  • No-go for Option A/C: 443 closed or filtered → implement Option B (tunnel or VPS origin; see NETWORK_CONFIGURATION_MASTER.md and edge options in project runbooks).

References

Reference in New Issue View Git Blame Copy Permalink